Protecting Java Codes: Encrypted Class Loader


Cloud services have been adopted by both start-ups and enterprises in recent years. However, this brings security issues. Here, developed code is treated differently from data. Critical data should be stored encrypted. Developed code, on the other hand, is mostly deployed on the server unprotected. For instance, a Java project can be deployed on a server as a jar/ear file. These files contain Java classes hierarchically. However, there are several decompilers that extract the original Java code from class files.

Russell Crowe as John Nash

What if the developed code includes a patentable algorithm? An enterprise might want to protect its intellectual property. In this case, installing the project on a server directly would be like turkeys voting for Christmas. So what we are saying is that we should encrypt the important code just like critical data, store it in a cloud database, and decrypt it at runtime to protect intellectual property. In this way, custom code would still be secure even if the cloud system is invaded, because the encryption key would not be stored on the cloud system.

First of all, we need to compile the source file and generate a class file. Running a Java file in the Eclipse IDE generates its class. Alternatively, you can execute the javac command in a command prompt to generate the class. The content of a standard class file is partially readable and understandable, as shown below. That's why these files are reversible. PS: note that the source file does not include a package definition line.

Now we need to develop a custom class loader, as illustrated below. The standard class loader is responsible for loading classes. This is handled by the findClass method. We override this method and put the decryption step before defining the class.
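The loader described above, as an added example (not the code from the original post or its GitHub project): `findClass` decrypts the stored bytes and only then calls `defineClass`. Assumptions: the names `EncryptedClassLoader`, `Core` and `aes` are hypothetical, an in-memory map stands in for the cloud database, and AES-GCM is chosen as the mode (the post only says AES) so that a modified blob is rejected before it is defined.

```java
import java.io.InputStream;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

class Core implements Runnable { // constructed stand-in for the protected class (default package)
    public void run() { System.out.println("hello world!"); }
}

public class EncryptedClassLoader extends ClassLoader {
    private final SecretKey key;
    private final Map<String, byte[]> store; // stand-in for the cloud database: name -> IV || ciphertext || tag
    EncryptedClassLoader(SecretKey key, Map<String, byte[]> store) {
        super(null); // bootstrap parent only, so the plaintext Core.class on the classpath is never used
        this.key = key; this.store = store;
    }
    static Cipher aes(int mode, SecretKey key, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, blob, 0, 12)); // blob starts with the 12-byte IV
        return c;
    }
    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        byte[] blob = store.get(name);
        if (blob == null || blob.length < 28) throw new ClassNotFoundException(name);
        try { // decrypt first; doFinal throws if the ciphertext or tag was altered
            byte[] plain = aes(Cipher.DECRYPT_MODE, key, blob).doFinal(blob, 12, blob.length - 12);
            return defineClass(name, plain, 0, plain.length);
        } catch (GeneralSecurityException e) {
            throw new ClassNotFoundException(name, e);
        }
    }
    static byte[] encrypt(SecretKey key, byte[] classBytes) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] blob = Arrays.copyOf(iv, 12 + classBytes.length + 16); // room for ciphertext and 16-byte tag
        aes(Cipher.ENCRYPT_MODE, key, blob).doFinal(classBytes, 0, classBytes.length, blob, 12);
        return blob;
    }
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey(); // per the post, kept off the cloud system
        byte[] raw; // compiled Core.class, read only to build the encrypted sample
        try (InputStream in = EncryptedClassLoader.class.getResourceAsStream("/Core.class")) { raw = in.readAllBytes(); }
        Class<?> cls = new EncryptedClassLoader(key, Map.of("Core", encrypt(key, raw))).loadClass("Core");
        var ctor = cls.getDeclaredConstructor();
        ctor.setAccessible(true); // Core is package-private and lives in a different loader
        ((Runnable) ctor.newInstance()).run();
    }
}
```

Compile with `javac EncryptedClassLoader.java` (Java 11 or later) and run `java EncryptedClassLoader`. The key and the decrypted class bytes are present in the JVM's memory while the class is loaded, so the protection applies to the stored artifact rather than to a running process.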

Thus, the core class is executed successfully. hello world! is printed even though the executed code doesn't include this action.

Encrypted Class Greets The World!

So, we've covered how to protect important code on an external system. The AES algorithm is applied to secure the system. AES and other symmetric-key algorithms deliver high performance. That's why decryption can be handled at runtime very fast. Finally, I've shared the project on my GitHub profile.